Hi everyone,

I am pleased to announce that the QEMU v2.6.1 stable release is now available:

http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2

v2.6.1 is now tagged in the official qemu.git repository, and the stable-2.6 branch has been updated accordingly:

http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6

This is a fairly large update that addresses a broad range of bugs and security issues. Users should upgrade accordingly.

Thank you to everyone involved!

CHANGELOG:

fcf75ad: Update version for 2.6.1 release (Michael Roth)
5125bef: timer: set vm_clock disabled default (Gonglei)
beeff74: Xen PCI passthrough: fix passthrough failure when no interrupt pin (Bruce Rogers)
1f1b96a: ppc64: fix compressed dump with pseries kernel (Laurent Vivier)
236039b: scsi: esp: check TI buffer index before read/write (Prasad J Pandit)
407fb6f: scsi: megasas: null terminate bios version buffer (Prasad J Pandit)
27fa5e7: scsi: esp: make cmdbuf big enough for maximum CDB size (Prasad J Pandit)
8c04a29: scsi: esp: clean up handle_ti/esp_do_dma if s->do_cmd (Paolo Bonzini)
aa6905d: scsi: esp: respect FIFO invariant after message phase (Paolo Bonzini)
e5c4e64: scsi: esp: check buffer length before reading scsi command (Prasad J Pandit)
80eb9b8: scsi: megasas: check 'read_queue_head' index value (Prasad J Pandit)
19dcd48: scsi: megasas: initialise local configuration data buffer (Prasad J Pandit)
1467b93: scsi: megasas: use appropriate property buffer size (Prasad J Pandit)
7a2c32e: net: mipsnet: check packet length against buffer (Prasad J Pandit)
780d831: hw/arm/virt: Reject gic-version=host for non-KVM (Cole Robinson)
c5ba71b: ui: spice: Exit if gl=on EGL init fails (Cole Robinson)
84da2c6: sdl2: skip init without outputs (Gerd Hoffmann)
ccecdf7: ui: sdl2: Release grab before opening console window (Cole Robinson)
0f9745a: ui: gtk: fix crash when terminal inner-border is NULL (Cole Robinson)
94c8340: ahci: free irqs array (Marc-André Lureau)
3d34297: ahci: fix sglist leak on retry (Marc-André Lureau)
ff71767: macio: set res_count value to 0 after non-block ATAPI DMA transfers (Mark Cave-Ayland)
ec211e7: atapi: fix halted DMA reset (John Snow)
16a87c4: ide: fix halted IO segfault at reset (John Snow)
86cc089: virtio: error out if guest exceeds virtqueue size (Stefan Hajnoczi)
502c8e8: target-i386: fix typo in xsetbv implementation (Dave Hansen)
a87cef8: pcie: fix link active status bit migration (Michael S. Tsirkin)
97b5a97: nbd: Limit nbdflags to 16 bits (Eric Blake)
2317b32: nbd: Don't use *_to_cpup() functions (Peter Maydell)
ce00e52: nbd: More debug typo fixes, use correct formats (Eric Blake)
28eae0a: Fix some typos found by codespell (Stefan Weil)
5634eb8: block/iscsi: fix rounding in iscsi_allocationmap_set (Peter Lieven)
b6ece2c: util: Fix MIN_NON_ZERO (Fam Zheng)
8d7d776: qemu-iotests: Test naming of throttling groups (Alberto Garcia)
704ab2f: blockdev: Fix regression with the default naming of throttling groups (Alberto Garcia)
025c4e3: s390x/ipl: fix reboots for migration from different bios (David Hildenbrand)
82c8516: Revert "virtio-net: unbreak self announcement and guest offloads after migration" (Michael S. Tsirkin)
909d87d: virtio: set low features early on load (Michael S. Tsirkin)
9566cee: target-sparc: fix register corruption in ldstub if there is no write permission (Artyom Tarasenko)
44152ec: scsi: Advertise limits by blocksize, not 512 (Eric Blake)
c9fb07b: scsi-generic: Merge block max xfer len in INQUIRY response (Fam Zheng)
ab2aac5: nbd: Allow larger requests (Eric Blake)
e19b9ad: vfio/pci: Fix VGA quirks (Alex Williamson)
4f696c8: pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c (Lin Ma)
a50bb5f: qapi: Fix crash on missing alternate member of QAPI struct (Eric Blake)
4bfe16b: qcow2: Avoid making the L1 table too big (Max Reitz)
683c1c5: backup: Don't leak BackupBlockJob in error path (Kevin Wolf)
45f4e4b: net: fix qemu_announce_self not emitting packets (Peter Lieven)
d1911a6: ui: fix regression in printing VNC host/port on startup (Daniel P. Berrange)
510531e: io: remove mistaken call to object_ref on QTask (Daniel P. Berrange)
d59d37d: vmsvga: don't process more than 1024 fifo commands at once (Gerd Hoffmann)
71798fd: vmsvga: shadow fifo registers (Gerd Hoffmann)
3141be6: vmsvga: add more fifo checks (Gerd Hoffmann)
394647d: vmsvga: move fifo sanity checks to vmsvga_fifo_length (Gerd Hoffmann)
63a396d: block: Drop bdrv_ioctl_bh_cb (Fam Zheng)
f882993: scsi: mptsas: infinite loop while fetching requests (Prasad J Pandit)
8b95d8e: scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952) (Prasad J Pandit)
54eb4cf: Fix configure test for PBKDF2 in nettle (Steven Luo)
e81a24a: savevm: fail if migration blockers are present (Greg Kurz)
fb26337: nbd: Don't trim unrequested bytes (Eric Blake)
509e132: block/iscsi: avoid potential overflow of acb->task->cdb (Peter Lieven)
6e7ee98: vfio: Fix broken EEH (Gavin Shan)
7ff5dc4: vga: add sr_vbe register set (Gerd Hoffmann)
a1f006f: usb/ohci: Fix crash with when specifying too many num-ports (Thomas Huth)
cba9a80: block/nfs: refuse readahead if cache.direct is on (Peter Lieven)
9b28a7f: esp: check dma length before reading scsi command(CVE-2016-4441) (Prasad J Pandit)
0a5e368: esp: check command buffer length before write(CVE-2016-4439) (Prasad J Pandit)
2522f0f: json-streamer: fix double-free on exiting during a parse (Paolo Bonzini)
ebe0376: json-streamer: Don't leak tokens on incomplete parse (Eric Blake)
9520c6c: migration: regain control of images when migration fails to complete (Greg Kurz)
dbbadeb: configure: Allow builds with extra warnings (Stefan Weil)
bd5d278: target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2 (Paolo Bonzini)
a525dec: target-mips: fix call to memset in soft reset code (Aurelien Jarno)
2cf1a12: usb:xhci: no DMA on HC reset (Roman Kagan)
ea819be: exec.c: Ensure right alignment also for file backed ram (Dominik Dingel)
5a908cb: tools: kvm_stat: Powerpc related fixes (Hemant Kumar)
07a3a48: vl: change runstate only if new state is different from current state (Li Zhijian)
5b6c12e: spice/gl: add & use qemu_spice_gl_monitor_config (Gerd Hoffmann)
d00ba3f: i386: kvmvapic: initialise imm32 variable (Prasad J Pandit)